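def save_hives():
    """
    Save the registry hives listed in ``constant.hives`` to disk with ``reg.exe``.

    ``constant.hives`` maps a hive name under HKLM (e.g. ``SAM``) to the file
    path the copy is written to; a hive whose target file already exists is
    skipped.  The console window of ``reg.exe`` is hidden.  The written files
    hold credential material, so they should be removed again with
    ``delete_hives`` once they have been parsed.

    Returns:
        bool: True when every missing hive was saved, False on the first
        failure (``reg.exe`` could not be started or exited non-zero).
    """
    for hive in constant.hives:
        target = constant.hives[hive]
        if os.path.exists(target):
            continue
        # Run reg.exe directly with an argv list rather than formatting a
        # command line for "cmd.exe /c": no shell means no metacharacter
        # interpretation, and a target path containing spaces survives intact.
        # 'hklm\\%s' is the literal "hklm\<hive>" the original built with an
        # (unescaped) backslash.
        command = ['reg.exe', 'save', 'hklm\\%s' % hive, target]
        info = subprocess.STARTUPINFO()
        info.dwFlags = STARTF_USESHOWWINDOW
        info.wShowWindow = SW_HIDE
        try:
            p = subprocess.Popen(command,
                                 startupinfo=info,
                                 stdin=subprocess.PIPE,
                                 stderr=subprocess.STDOUT,
                                 stdout=subprocess.PIPE,
                                 universal_newlines=True)
            results, _ = p.communicate()
        except Exception as e:
            print_debug(
                'ERROR',
                u'Failed to save system hives: {error}'.format(error=e))
            return False
        # reg.exe reports problems such as missing privileges through its
        # exit code, not an exception; the original treated those as success.
        if p.returncode != 0:
            print_debug(
                'ERROR',
                u'Failed to save hive {hive}: {output}'.format(
                    hive=hive, output=(results or u'').strip()))
            return False
    return True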
def check_credentials(self, passwords):
    """
    Offer each candidate password to the user's master key pool.

    Every entry of ``passwords`` is tried against ``self.umkp`` for
    ``self.sid``; each attempt's message is logged and ``self.unlocked``
    is set to True as soon as an attempt succeeds.  Nothing happens when
    no master key pool was loaded (``self.umkp`` is falsy).
    """
    pool = self.umkp
    if not pool:
        return
    for candidate in passwords:
        attempts = pool.try_credential(sid=self.sid, password=candidate)
        for succeeded, message in attempts:
            if succeeded:
                self.unlocked = True
            print_debug('OK' if succeeded else 'ERROR', message)
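def delete_hives():
    """
    Remove the temporary hive copies written by ``save_hives``.

    Every path in ``constant.hives`` that exists is deleted.  A failure is
    logged at DEBUG level and does not stop the remaining files from being
    removed.  Nothing is returned.
    """
    for hive in constant.hives:
        path = constant.hives[hive]
        if not os.path.exists(path):
            continue
        try:
            os.remove(path)
        except OSError:
            # Best effort, but the copy holds password hashes, so the
            # operator should see which file was left behind.  The original
            # message had no {filename} placeholder, so the path was never
            # logged.
            print_debug(
                'DEBUG',
                u'Temporary file failed to remove: {filename}'.format(
                    filename=path))
        else:
            print_debug(
                'DEBUG',
                u'Temporary file removed: {filename}'.format(filename=path))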
def __init__(self):
    """
    Load the LocalSystem (S-1-5-18) DPAPI master keys and try to unlock them.

    If ``constant.lsa_secrets`` is still empty, ``LSASecrets().run()`` is
    invoked first to populate it.  When secrets are available and the
    fixed master key directory exists, a ``MasterKeyPool`` is loaded into
    ``self.smkp``, the DPAPI_SYSTEM secret is attached, and each unlock
    attempt is logged; ``self.unlocked`` is True once one succeeds.
    ``self.smkp`` stays None when no secrets or no directory were found.
    """
    self.smkp = None
    self.unlocked = False

    if not constant.lsa_secrets:
        # Populates constant.lsa_secrets as a side effect.
        LSASecrets().run()
    if not constant.lsa_secrets:
        return

    # Fixed location of the SYSTEM account's master keys (assumes the
    # default C:\Windows install root).
    masterkeydir = u'C:\\Windows\\System32\\Microsoft\\Protect\\S-1-5-18\\User'
    if not os.path.exists(masterkeydir):
        return

    self.smkp = MasterKeyPool()
    pool = self.smkp
    pool.load_directory(masterkeydir)
    pool.add_system_credential(constant.lsa_secrets['DPAPI_SYSTEM'])
    for succeeded, message in pool.try_system_credential():
        if succeeded:
            self.unlocked = True
        print_debug('OK' if succeeded else 'ERROR', message)
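def __init__(self, password=None, pwdhash=None):
    """
    Load the current user's DPAPI master keys and try to unlock them.

    The user's SID is taken from the first ``S-*`` folder under
    ``%APPDATA%\\Microsoft\\Protect``.  The master keys in that folder and
    the ``CREDHIST`` file next to it are loaded into ``self.umkp``.  A
    clear-text ``password`` is tried when given; otherwise a hex-encoded
    ``pwdhash`` is tried via ``try_credential_hash``.  Each attempt is
    logged and ``self.unlocked`` records whether one succeeded.
    ``self.sid`` / ``self.umkp`` stay None when nothing was found.

    Args:
        password: clear-text user password, or None.
        pwdhash: hex-encoded password hash, or None; ignored when
            ``password`` is given.
    """
    import binascii  # local import: the file's import block is not visible here

    self.sid = None
    self.umkp = None
    self.unlocked = False

    protect_folder = os.path.join(constant.profile['APPDATA'], u'Microsoft', u'Protect')
    credhist_file = os.path.join(protect_folder, u'CREDHIST')
    if not os.path.exists(protect_folder):
        return

    # The per-user master key directory is named after the user's SID.
    for folder in os.listdir(protect_folder):
        if folder.startswith('S-'):
            self.sid = folder
            break
    if not self.sid:
        return

    masterkeydir = os.path.join(protect_folder, self.sid)
    if not os.path.exists(masterkeydir):
        return

    self.umkp = MasterKeyPool()
    self.umkp.load_directory(masterkeydir)
    self.umkp.add_credhist_file(sid=self.sid, credfile=credhist_file)

    if password:
        attempts = self.umkp.try_credential(sid=self.sid, password=password)
    elif pwdhash:
        # binascii.unhexlify replaces str.decode('hex'), which only exists
        # on Python 2; it yields the same bytes there and also works on 3.
        attempts = self.umkp.try_credential_hash(
            self.sid, pwdhash=binascii.unhexlify(pwdhash))
    else:
        attempts = ()
    for succeeded, message in attempts:
        if succeeded:
            self.unlocked = True
        print_debug('OK' if succeeded else 'ERROR', message)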
def manage_response(ok, msg):
    """
    Collapse an ``(ok, msg)`` result pair into one value.

    Returns ``msg`` unchanged when ``ok`` is truthy.  Otherwise ``msg`` is
    logged at DEBUG level and False is returned, so callers can test the
    result directly.
    """
    if not ok:
        print_debug('DEBUG', u'{msg}'.format(msg=msg))
        return False
    return msg
def warning(self, message):
    """Log ``message`` at WARNING level through ``print_debug``."""
    level = 'WARNING'
    print_debug(level, message)
def debug(self, message):
    """Log ``message`` at DEBUG level through ``print_debug``."""
    level = 'DEBUG'
    print_debug(level, message)
def info(self, message):
    """Log ``message`` at INFO level through ``print_debug``."""
    level = 'INFO'
    print_debug(level, message)
def error(self, message):
    """Log ``message`` at ERROR level through ``print_debug``."""
    level = 'ERROR'
    print_debug(level, message)